1. Technical Field
Aspects of the present invention relate to an electronic certificate issuance system having a plurality of communication devices and an electronic certificate issuing device which issues an electronic certificate to each of the communication devices.
1. Related Art
An SSL (Secure Socket Layer) communication is known as a method for achieving a high security communication between a plurality of communication devices. The SSL communication requires a private key and a public key as a key pair to be generated and a CA (Certificate Authority) to issue an electronic certificate corresponding to the public key to certify authenticity of the public key before starting communication. The private key and the electronic certificate for the public key are installed in a server device to be used for the SSL communication.
When a client device sends an initial signal for SSL handshaking to the server device to which the electronic certificate and the private key have been installed, the server device sends the electronic certificate to the client device.
When the electronic certificate from the server device is received by the client device, the client device refers to a digital signature included in the electronic certificate to determine as to whether the electronic certificate is valid without any falsification. If the electronic certificate is determined to be valid, the client device trusts the server device and continues to perform the succeeding procedure. Specifically, the above-mentioned pair of the private key and the public key is used to negotiate a session key (a common key) between the server device and the client device. Once the session key is established, the session key is used for the succeeding cryptographic communication.
For a method of installing a electronic certificate in a server device, it is known that the server device generates a private key and a public key, a CA (Certificate Authority) issues an electronic certificate for the public key, and the issued electronic certificate is installed in the server device. It is also known that a management device working as a CA issues a private key and an electronic certificate for the public key corresponding to the private key, and then the electronic certificate and the private key are installed in the server device.
An example of a method to install the electronic certificate in the server device is disclosed in Japanese Patent Provisional Publication No. 2005-346630. In the publication, an electronic certificate issued by a management device is stored in a portable external storage device such as a USB (Universal Serial Bus) memory, and the external storage device is connected to the server device, thereby installing the electronic certificate in the server device via an external storage device.